CIAC Bulletin H-02 issues Sun's thumb-busting god-dam-its for SYN flooding: ============================================================================= SUN MICROSYSTEMS SECURITY BULLETIN: #00136, 9 Oct 1996 ============================================================================= BULLETIN TOPICS In this bulletin Sun discusses the TCP-based "SYN flood" denial- of-service attack. We suggest ways to tune most Solaris/SunOS systems to make them more resistant, and explain which releases and configurations stand up best. We also discuss which customers are most likely to be affected, and the degree to which firewalls and similar insulating arrangements can protect an enterprise from this attack. This Bulletin also describes the patches and other changes Sun commits to making in the future in response to the emergence of such attacks. This denial-of-service attack, which affects all operating systems which implement the TCP protocol, has previously been discussed in CERT(sm) Advisory CA-96.21, issued on 19 September 96. Attacks against several prominent service providers have been well documented in the last several weeks in Time magazine, the Wall Street Journal, and many other national and international periodicals. I. What has Happened, Who is Affected, What to Do II. Understanding the Vulnerability III. Technical Recommendations IV. Plans and Schedules APPENDICES A. Queuing Capacity Vs. Attack Rates B. How to obtain Sun security patches C. How to report or inquire about Sun security problems D. How to obtain Sun security bulletins or short status updates ----- http://jya.com/sunsyn.txt (48 kb) ftp://jya.com/pub/incoming/sunsyn.txt SUN_syn